Officials say the age issue has emerged as one of the biggest issues before the Srikrishna committee. Children are most vulnerable to data theft and need to be protected from cyber bullying and other cybercrimes, they say.
“The committee is yet to take a view on it because of many complexities. In India, a person is considered to be minor till he or she turns 18 years. And according to the Indian Contract Act and the Indian Majority Act, a minor can’t get into any sort of contract with anyone. Whereas when a person gives assent to the terms and conditions by clicking the ‘I agree’ button on a social media platform, the person is deemed to have entered into a contract with the service provider,” says a government official on condition of anonymity.
Some minors misrepresent their age to get into social networking platforms without knowing the law. “They can be held liable for misrepresentation or for creating a false electronic record. This can invite imprisonment of up to two years under Section 465 of the Indian Penal Code,” the official adds.
The committee, headed by the retired Supreme Court judge, is said to be closely studying the European Union’s General Data Protection Regulation (GDPR) to deal with the age issue and draft India's own privacy and data protection Bill. In GDPR, which was agreed upon by the European Parliament in April 2016, the minimum age for parental consent to process children’s personal data has been raised from 13 to 16 years. The GDPR will come into effect on May 25, and companies failing to comply with certain guidelines could face fines of up to 4 per cent of their global annual turnover.
Officials say the Srikrishna committee, which was set up amid an uproar against the Union government's decision of making Aadhaar mandatory for accessing government services on July 31, has met thrice and has been apprised of various technical issues. It is likely to come out with a concept paper listing various issues — including cloud security, cloud privacy, interoperability, compatibility and cross-border data transfers — this week.
“The Ministry of Electronics and Information Technology wants to bring a privacy Bill in the upcoming winter session of Parliament,” the official says. “The concept paper is the first step in this direction.”
The timeline for bringing the privacy Bill seems ambitious as the committee is yet to hold consultations with various stakeholders, including privacy activists. The official said the committee may look at a similar draft, which was prepared during the previous government, on data protection and privacy. The draft specifies usage of data and punishment in case of leak of data.